﻿<%@ page contentType="text/html;charset=gb2312"%>
<%@ page import="java.sql.*"%>
<html>
	<body>
		<%
			Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver").newInstance();
			String url = "jdbc:sqlserver://127.0.0.1:1433;DatabaseName=STU_LEAVE_INFO";
			String sqlUser = "web";
			String sqlPwd = "prog";
			Connection conn = DriverManager.getConnection(url,sqlUser,sqlPwd);
			Statement stmt = conn.createStatement();			
			String user = request.getParameter("user");
			String pwd = request.getParameter("password");
			byte pwdByte[] = pwd.getBytes("ISO-8859-1");
			pwd=new String(pwdByte);			
			String sql = "SELECT PWD,STU_NAME,TCH_NAME FROM T_LOGIN_PWD ,T_STUDENT,T_TEACHER WHERE ACCOUNT='"+user+"' AND (STU_ID='"+user+"' OR TCH_ID='"+user+"')";		
			ResultSet rs = stmt.executeQuery(sql);
			
			rs.next();
			String correctPwd = (String)rs.getString("PWD");
			String stuName = (String)rs.getString("STU_NAME");
			String tchName = (String)rs.getString("TCH_NAME");
			byte pByte[] = correctPwd.getBytes("ISO-8859-1");
			correctPwd=new String(pByte);			
			if(pwd.equals(correctPwd)){
				session.putValue("myuser",user);
				if(user.length() == 12){
					application.setAttribute("name",stuName);
					response.sendRedirect("input.jsp");//学生					
				}
				else{
					application.setAttribute("name",tchName);
					response.sendRedirect("report.jsp");//管理员
				}
			}else{
				response.sendRedirect("login.html");
				//out.print("用户名或密码输入错误");
			}
			
			rs.close();
			stmt.close();
			conn.close();
		%>
	</body>
</html>